[tor-relays] botnet? abusing/attacking guard nodes

teor teor2345 at gmail.com
Sun Dec 17 21:24:06 UTC 2017


> On 18 Dec 2017, at 02:45, Logforme <m7527 at abc.se> wrote:
> 
> My relay ran out of connections once and also crashed once so I followed the suggestions in the "DoS attacks are real (probably)" thread and implemented connection limits in my firewall. Everything has run smoothly since.
> 
> My only concern is how low I can set the number of connections per IP address. Someone wrote a legit client will only open max 2 tcp connections. I'd like this verified before I lower my limits further.

A standard tor client will only open one connection to each guard.

But please don't assume there is only one client per IPv4 address.
Many networks and even entire countries have a very small IPv4
address allocation. If you restrict it to one connection per IP
address, you will be restricting some of the people who need tor
the most. And you will push the load onto a smaller set of guards.

Using 256 per IP is probably reasonable.

If we manage to fix some bugs in the socket limits in Tor, we can
activate them only when the relay is under heavy load, which is
even better.

T
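
An added example, not part of the original message: before choosing a per-IP cap, a relay operator can measure what each candidate limit would refuse, using per-address counts of established connections to the ORPort. The port 9001, the `ss -Htn` input format and every address below are assumptions constructed for illustration.

```python
from collections import Counter

OR_PORT = 9001  # assumption: the relay's ORPort; the thread does not state one


def peers_per_address(ss_lines, or_port=OR_PORT):
    """Count established inbound connections to or_port per remote address.

    Expects lines shaped like `ss -Htn` output:
    State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
    """
    counts = Counter()
    for line in ss_lines:
        fields = line.split()
        if len(fields) < 5 or fields[0] != "ESTAB":
            continue  # skip listeners, half-open sockets and malformed lines
        local, peer = fields[3], fields[4]
        if local.rsplit(":", 1)[1] != str(or_port):
            continue  # skip the relay's own outbound connections
        counts[peer.rsplit(":", 1)[0]] += 1
    return counts


def impact_of_limit(counts, limit):
    """Return (addresses over the cap, connections the cap would refuse)."""
    over = [n for n in counts.values() if n > limit]
    return len(over), sum(n - limit for n in over)


def sample_lines():
    """Constructed sample: one lone client, one shared NAT address carrying
    40 clients, one address holding 900 connections, plus noise lines."""
    relay = "203.0.113.5"
    lines = ["LISTEN 0 4096 0.0.0.0:9001 0.0.0.0:*"]
    lines.append(f"ESTAB 0 0 {relay}:9001 192.0.2.10:40000")
    lines += [f"ESTAB 0 0 {relay}:9001 198.51.100.7:{41000 + i}" for i in range(40)]
    lines += [f"ESTAB 0 0 {relay}:9001 203.0.113.99:{20000 + i}" for i in range(900)]
    lines.append(f"ESTAB 0 0 {relay}:48122 192.0.2.77:443")  # outbound, ignored
    return lines


if __name__ == "__main__":
    counts = peers_per_address(sample_lines())
    for limit in (1, 2, 256):
        addrs, refused = impact_of_limit(counts, limit)
        print(f"limit {limit:>3}: {addrs} address(es) over, {refused} connection(s) refused")
```

In this sample a cap of 1 or 2 cuts off almost every client behind the shared address, while a cap of 256 only touches the address holding 900 connections.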
